Error 1321 – The Installer has insufficient privileges to modify this file when Read and Execute right on Folder but not on files.

It looks like the windows installer has a problem with deleting files when
the user has the “Read and Execute” right on the parent folder of the file
while the file itself is not accessible by the user.

– Allow inheritable permissions from parent to propagate to this object

– Copy the previous inherited permissions to this object

– Remove the ACE for the group Users.

– Add the ACE for the group AppA

The ACL now has the following ACE’s:

– Administrators (Full control)

– System (Full control)

– AppA (Read and Execute)

Note:

On the folder c:\program files\common files\microsoft shared\proof the the
user has NO rights, the files in that folder inherent the rights of the
parent folder.

9) Remove the TestUser from the member list of security group AppA

10) Logon as TestUser

11) The MSI is uninstalling, when complete the files are gone, and the
shortcut is no longer part of the start menu

Interpretation of the results:

Interpreting the results from the scenario’s it looks like the installer is
looking at the parent folder to see if the user has the Read and Execute
right, if that’s the case, it assumes the user has the same right for all
files in that folder. If one or more files in that folder do not have Read
and Execute for the user, uninstall is failing with a 1321 error.

On the other hand, if the user has NO Read and Execute on the parent folder,
it does not matter what rights the files in that folder have, the installer
is successful in uninstalling the files.

Carolyn napier 2012-08-30 10:52:59

Can you provide some more clarification?

Is this a file on the local disk?
Is the installation running with elevated privileges (i.e. per-machine install
or per-user managed)?
Is the user an admin?

thanks,
– Carolyn Napier

—
This posting is provided “AS IS” with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

MSI FAQ:

Marcel 2012-08-30 10:53:17

Hi Carolyn,

The clarification:
1) [Is this a file on the local disk] => Yes, it is a file on the local
disk
2) [Running with elevated privileges] => Yes, it is runnning with elevated
privileges (managed application by using group policy), it is a per-user
managed application
3) [Is the user an admin] => ]No, the user is a minimal user; no admin
rights, just member of domain users.